Frankster

Reputation: 689

AWS CloudTrail Insights vs AWS Macie vs AWS GuardDuty

My understanding of all three is that they look for patterns in events and logs to determine if there is a potential security flaw. Another question touches upon this, but somewhat unsatisfactorily. What I got from that reply was:

... GuardDuty is more tilted towards indications of actual compromise whereas insights is more just 'unusual' API activity

Macie: Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

CloudTrail Insights: AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.

GuardDuty: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.

What is the difference and when should I use what service? Is someone able to do a bit more explanation around the actual differences?

Upvotes: 1

Views: 3356

Answers (1)

gusto2

Reputation: 12075

My understanding of all three is that they look for patterns in events and logs to determine if there is a potential security flaw
...
What is the difference and when should I use what service?

Every service documentation has its FAQ part, where this is explained.

All three services have different purposes. They look into different input data and produce different alert types, which are not necessarily security flaws, but are to be reviewed and addressed. The services are not overlapping in functionality, so I'm not sure what is confusing for you. I will just list the differences.

Amazon Macie reads your S3 bucket data to identify open and shared S3 buckets and data containing PII.

GuardDuty aggregates "AWS CloudTrail event logs, Amazon VPC Flow Logs and DNS logs" to detect suspicious activity.

CloudTrail Insights is a new CloudTrail feature. The service generates Insights events when the API call volume is outside normal patterns.

Upvotes: 4
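To make the "different input data, different alert types" point in the answer concrete, here is an added example (not part of the original question or answer, and not AWS code) that triages one record from each service. The three records are constructed samples; their field names follow the shapes returned by GuardDuty GetFindings (PascalCase keys), Macie2 GetFindings (camelCase keys) and CloudTrail Insights log records, but treat the exact casing and nesting as an assumption to check against your own exports. The `classify`, `triage` and `triage_all` functions and the "next step" wording are mine.

```python
"""Triage records from GuardDuty, Macie and CloudTrail Insights.

Added example, not from the original post. The three records below are constructed;
field names follow GuardDuty GetFindings (PascalCase), Macie2 GetFindings (camelCase)
and CloudTrail Insights log records, but verify casing/nesting against your own data.
"""
from __future__ import annotations

from typing import Any

# Constructed GuardDuty finding: an EC2 instance role's credentials used from outside AWS.
GUARDDUTY_FINDING: dict[str, Any] = {
    "Type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
    "Severity": 8.0,
    "Resource": {"ResourceType": "AccessKey",
                 "AccessKeyDetails": {"UserType": "AssumedRole", "UserName": "i-0123456789abcdef0"}},
    "Service": {"ServiceName": "guardduty", "Action": {"ActionType": "AWS_API_CALL"}, "Count": 3},
}

# Constructed Macie finding: an object with personal data in a publicly readable bucket.
MACIE_FINDING: dict[str, Any] = {
    "category": "CLASSIFICATION",
    "type": "SensitiveData:S3Object/Personal",
    "severity": {"description": "High", "score": 3},
    "resourcesAffected": {
        "s3Bucket": {"name": "example-exports", "publicAccess": {"effectivePermission": "PUBLIC"}},
        "s3Object": {"key": "customers/2021-03.csv"},
    },
}

# Constructed CloudTrail Insights event: CreateAccessKey call rate far above the account baseline.
INSIGHT_EVENT: dict[str, Any] = {
    "eventVersion": "1.07",
    "eventType": "AwsCloudTrailInsight",
    "eventTime": "2021-03-01T12:00:00Z",
    "awsRegion": "us-east-1",
    "insightDetails": {
        "state": "Start",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
        "insightType": "ApiCallRateInsight",
        # per-minute averages: one call every four minutes normally, 15 per minute during the spike
        "insightContext": {"statistics": {"baseline": {"average": 0.25}, "insight": {"average": 15.0}}},
    },
}


def classify(record: dict[str, Any]) -> str:
    """Tell the three sources apart by the fields only one of them carries."""
    if record.get("eventType") == "AwsCloudTrailInsight":
        return "cloudtrail-insights"
    if record.get("category") in ("CLASSIFICATION", "POLICY") and "type" in record:
        return "macie"
    if record.get("Service", {}).get("ServiceName") == "guardduty":
        return "guardduty"
    raise ValueError("unrecognised record shape")


def triage(record: dict[str, Any]) -> dict[str, Any]:
    """Reduce a record to: where it came from, what it is about, how bad it is, and the next step."""
    source = classify(record)
    if source == "cloudtrail-insights":
        d = record["insightDetails"]
        stats = d["insightContext"]["statistics"]
        base, spike = stats["baseline"]["average"], stats["insight"]["average"]
        deviation = spike / base if base else float("inf")  # how many times the usual rate
        return {"source": source, "subject": f"{d['eventSource']} {d['eventName']}",
                "score": round(deviation, 1), "state": d["state"],
                "next_step": "confirm whether the burst of write calls was expected before treating it as hostile"}
    if source == "macie":
        affected = record["resourcesAffected"]
        exposure = affected["s3Bucket"].get("publicAccess", {}).get("effectivePermission", "UNKNOWN")
        return {"source": source,
                "subject": f"s3://{affected['s3Bucket']['name']}/{affected['s3Object']['key']}",
                "score": record["severity"]["score"], "exposure": exposure,
                "next_step": "review the object and the bucket policy; remove public access if PUBLIC"}
    return {"source": source, "subject": record["Type"], "score": record["Severity"],
            "resource": record["Resource"]["ResourceType"],
            "next_step": "treat as possible compromise: rotate the credential and check CloudTrail for what it did"}


def triage_all(records: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Triage a mixed batch: GuardDuty (indications of compromise) first, then the rest by score."""
    results = [triage(r) for r in records]
    return sorted(results, key=lambda r: (r["source"] != "guardduty", -float(r["score"])))


if __name__ == "__main__":
    for row in triage_all([INSIGHT_EVENT, MACIE_FINDING, GUARDDUTY_FINDING]):
        print(row["source"], "|", row["subject"], "| score", row["score"], "|", row["next_step"])
```

The scores are deliberately not comparable across services: GuardDuty severity is a 0 to 8.9 scale, Macie severity is a 1 to 3 score, and the Insights figure here is the ratio of the spike to the baseline call rate, so the sort key puts GuardDuty first rather than mixing the scales.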
